Please merge openssl 0.9.8n-1 into ubuntu

Uploaded to my ppa: https://edge.launchpad.net/~nvalcarcel/+archive/ppa

* There are around six additional patches compared to the Debian version, but only one is applied in debian/patches/series. You should remove old, unused patches.
* There are direct changes to the source. Please convert them to proper described patches.
* debian/changelog: Please target maverick instead of lucid.
* Do you really want to have "(Canonical)" in the debian/changelog stanza? The email address indicates that already.
* The bzr branch contains the .pc directory (files from quilt). I think that the .pc directory shouldn't be part of the branch.
* You may want to forward some Ubuntu changes to Debian to ease the merge next time (for example the openssl-doc package split).

Please resubscribe ubuntu-sponsors once you have addressed these issues.

* Just removed them
* Those can't be striped out, please see changelog entry for 0.9.8k-7ubuntu2 and 0.9.8k-7ubuntu3 for more information
* Sorry about that, i forgot to update the branch.
* Sadly, yes, gpg complaining if not
* Deleted, but it should be there in the main branch aswell, since i didn't add it...
* Yes, planning on doing that.

1. "Those can't be striped out, please see changelog entry for 0.9.8k-7ubuntu2 and 0.9.8k-7ubuntu3 for more information"
Due to dpkg-source 3.0 (quilt), they can be stripped out. debian/patches/debian-changes-0.9.8n-1ubuntu1 is created containing those patches. Please split them and give them propper DEP-3 headers.

2. The clean rules is not clean enough. Running "debuild" twice does not work (log attached).

3. Please have a look at the Lintian errors and warnings (attached). Some of them should be resolved upstream (for example, spelling-error-in-binary). All Lintian warnings imported from Debian [1] should be resolved there first and then merged to Ubuntu. For merging 0.9.8n-1 you should fix the Ubuntu specific Lintian warnings.

Please resubscribe ubuntu-sponsors once these three points are addressed. We are at the beginning of the release cycle and therefore I am more picky.

4. debian/rules could get more love (e.g. using dh 7). This should be done in Debian first.

[1] http://<email address hidden>

log from second debuild run

1. Done

This bug was fixed in the package openssl - 0.9.8o-1ubuntu1

---------------
openssl (0.9.8o-1ubuntu1) maverick; urgency=low

  * Merge from debian unstable, remaining changes (LP: #581167):
    - debian/patches/Bsymbolic-functions.patch: Link using
      -Bsymbolic-functions
    - Ship documentation in openssl-doc, suggested by the package.
    - Use a different priority for libssl0.9.8/restart-services
      depending on whether a desktop, or server dist-upgrade is being
      performed.
    - Display a system restart required notification bubble on libssl0.9.8
      upgrade.
    - Replace duplicate files in the doc directory with symlinks.
    - Move runtime libraries to /lib, for the benefit of wpasupplicant
    - Use host compiler when cross-building (patch from Neil Williams in
      Debian #465248).
    - Don't run 'make test' when cross-building.
    - Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339).
    - debian/patches/aesni.patch: Backport Intel AES-NI support from
      http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518).
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths
      under .pc.
  * Dropped patches, now upstream:
    - debian/patches/CVE-2009-3245.patch
    - debian/patches/CVE-2010-0740.patch
    - debian/patches/dtls-compatibility.patch
    - debian/patches/CVE-2009-4355.patch
  * Dropped "Add support for lpia".
  * Dropped "Disable SSLv2 during compile" as this had never actually
    disabled SSLv2.
  * Don't disable CVE-2009-3555.patch for Maverick.

openssl (0.9.8o-1) unstable; urgency=low

  * New upstream version
    - Add SHA2 algorithms to SSL_library_init().
    - aes-x86_64.pl is now PIC, update pic.patch.
  * Add sparc64 support (Closes: #560240)

openssl (0.9.8n-1) unstable; urgency=high

  * New upstream version.
    - Fixes CVE-2010-0740.
    - Drop cfb.patch, applied upstream.

openssl (0.9.8m-2) unstable; urgency=low

  * Revert CFB block length change preventing reading older files.
    (Closes: #571810, #571940)

openssl (0.9.8m-1) unstable; urgency=low

  * New upstream version
    - Implements RFC5746, reenables renegotiation but requires the extension.
    - Fixes CVE-2009-3245
    - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
      CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
      CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
      no_check_self_signed.patch: applied upstream
    - pk7_mime_free.patch removed, code rewritten
    - ca.diff partially applied upstream
    - engines-path.patch adjusted, upstream made some minor changes to the
      build system.
    - some flags changed values, bump shlibs.
  * Switch to 3.0 (quilt) source package.
  * Make sure the package is properly cleaned.
  * Add ${misc:Depends} to the Depends on all packages.
  * Fix spelling of extension in the changelog file.

openssl (0.9.8k-8) unstable; urgency=high

  * Clean up zlib state so that it will be reinitialized on next use and
    not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
 -- Marc Deslauriers <email address hidden> Mon, 14 Jun 2010 09:08:29 -0400